Ironic

can't disable file injection for bare metal

Bug #1178103 reported by Robert Collins
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ironic
Invalid
High
Unassigned
OpenStack Compute (nova)
Fix Released
High
Joe Gordon
OpenStack Compute (nova) 2014.1 "icehouse"
tripleo
Fix Released
High
Joe Gordon

Bug Description

For two reasons : a) until we have quantum-pxe done, it won't work, and b) file injection always happens.

One of the reasons to want to disable file injection is to work with hardware that gets a ethernet interface other than 'eth0' - e.g. if only eth1 is plugged in on the hardware, file injection with it's hardcoded parameters interferes with network bringup.

A workaround for homogeneous environments is to change the template to hardcode the interface name (s/iface.name/eth2/)

See original description
Tags: baremetal
Robert Collins (lifeless)
description: updated
description: updated
Revision history for this message
aeva black (tenbrae) wrote :

Marking as wishlist because 1) it's not something which *can* be fixed now, 2) supporting file injection isn't broken per-se. Making it optional would clearly be an improvement, though.

Changed in nova:
importance: High → Wishlist
Revision history for this message
Robert Collins (lifeless) wrote :

Respectfully, I disagree on 2) - it's physically impossible to have two images with different vlan configs pre-set in /e/n/i today, you have to use a first-boot script to overwrite the file injection : thats unbreakme stuff, e.g. clearly broken.

Changed in tripleo:
status: New → Triaged
importance: Undecided → High
Revision history for this message
aeva black (tenbrae) wrote :

My initial read of this was that using the injected network template was a sufficient work-around, but it seems that that is not the case. I also looked through the libvirt file injection code for comparison, and now agree that not being able to disable file injection in baremetal is a bug.

Changed in nova:
importance: Wishlist → High
Revision history for this message
Joe Gordon (jogo) wrote :

As a first step we can make file injection optional and leave everything else the same. The next step is to optimize the image workflow for performance

Changed in tripleo:
assignee: nobody → Joe Gordon (jogo)
Changed in nova:
assignee: nobody → Joe Gordon (jogo)
Revision history for this message
Joe Gordon (jogo) wrote :

performance experiments:

For deploying two baremetal nodes. Two copies out of glance, convert to raw twice and two copies out.

* Given a given a local qcow2 do a qemu-image-convert directly to the iscsi partition
* convert and cache the RAW file and then DD that out

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/47282

Revision history for this message
Joe Gordon (jogo) wrote :

Next step is to make sure baremetal.pxe doesn't pull done separate copies of the image if injection is disabled.

aeva black (tenbrae)
Changed in ironic:
status: New → Triaged
importance: Undecided → High
Revision history for this message
aeva black (tenbrae) wrote :

Joe, take a look at the PXE driver in Ironic. I believe Ghe already implemented the "don't download the same image twice" optimization there, so you may be able to port it to Nova if desired.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.openstack.org/47282
Committed: http://github.com/openstack/nova/commit/cd9385633ffd50ebe8341d0d8a408a0b9fe85483
Submitter: Jenkins
Branch: master

commit cd9385633ffd50ebe8341d0d8a408a0b9fe85483
Author: Joe Gordon <email address hidden>
Date: Wed Sep 18 16:26:55 2013 -0700

    Add flag to make baremetal.pxe file injection optional

    File injection is slow and risky, So make it optional. File injection
    was used for getting networking configuration into the baremetal nodes,
    but neutron can do this now. File injection is also used for general
    file injection and password injection, but those should be optional as
    well.

    Change-Id: If59641952255e5aaf3767524e2b3c566eefe2b74
    Related-Bug: #1178103

Revision history for this message
Robert Collins (lifeless) wrote :

We can't close the task for this until dhcp-all-interfaces is functional : https://bugs.launchpad.net/diskimage-builder/+bug/1233577

Changed in nova:
status: Triaged → Fix Committed
Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :

Can we close this now in TripleO?

Revision history for this message
Joe Gordon (jogo) wrote :

AFAIK yes

Changed in tripleo:
status: Triaged → Fix Committed
Roman Podoliaka (rpodolyaka)
Changed in tripleo:
status: Fix Committed → Fix Released
Russell Bryant (russellb)
Changed in nova:
milestone: none → icehouse-1
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Revision history for this message
aeva black (tenbrae) wrote :

Marking as Invalid for Ironic -- file injection is not implemented in the PXE driver and thus doesn't need to be disabled.

Changed in ironic:
status: Triaged → Invalid
Thierry Carrez (ttx)
Changed in nova:
milestone: icehouse-1 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.